‼ CVE-2021-27565 ‼
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.
via "National Vulnerability Database".
‼ CVE-2021-39274 ‼
In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges.
via "National Vulnerability Database".
‼ CVE-2021-31401 ‼
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
via "National Vulnerability Database".
‼ CVE-2020-35685 ‼
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)
via "National Vulnerability Database".
‼ CVE-2020-35683 ‼
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
via "National Vulnerability Database".
❌ Postmortem on U.S. Census Hack Exposes Cybersecurity Failures ❌
Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems.
via "Threat Post".
🦿 83 million devices using the Kalay protocol are at risk for remote takeover. Are yours? 🦿
ThroughTek's Kalay is used to manage security cameras, baby monitors, DVRs and more. A newly discovered flaw lets attackers watch, listen and steal recordings from hardware sold by dozens of vendors.
via "Tech Republic".
🦿 It's time to retire the Social Security number 🦿
With 40 million people having their SSN exposed during the T-Mobile hack, it's time to reconsider the usefulness of the Social Security number.
via "Tech Republic".
🦿 15 highest-paying certifications for 2021 🦿
The top certification on the annual Skillsoft list has a salary of more than $171,000. Find out what certifications you should be working toward.
via "Tech Republic".
‼ CVE-2021-27822 ‼
A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field.
via "National Vulnerability Database".
‼ CVE-2021-27999 ‼
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.
via "National Vulnerability Database".
‼ CVE-2021-28000 ‼
A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields.
via "National Vulnerability Database".
‼ CVE-2021-28002 ‼
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
via "National Vulnerability Database".
‼ CVE-2021-28001 ‼
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.
via "National Vulnerability Database".
❌ COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate ❌
COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors.
via "Threat Post".
❌ Windows EoP Bug Detailed by Google Project Zero ❌
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.
via "Threat Post".
🦿 How to configure SSH access through Webmin 🦿
Looking for an easier way to configure SSH on your data center servers? How about Webmin? Jack Wallen walks you through some of the options for better SSH security using this web-based GUI.
via "Tech Republic".
🦿 T-Mobile breach exposed personal data of almost 50 million people 🦿
Attackers captured the names, dates of birth, Social Security numbers and driver's license numbers of millions of current, former and potential T-Mobile customers.
via "Tech Republic".
‼ CVE-2020-18748 ‼
Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221.
via "National Vulnerability Database".
‼ CVE-2021-37698 ‼
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading.
via "National Vulnerability Database".
‼ CVE-2013-1791 ‼
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
via "National Vulnerability Database".